I use an OpenVPN client for a private server.
However, when I run pfctl -e -f /etc/pf.conf
I get the following error, which I can't fix, on line 20, in reference to antispoofing. If I remove the antispoof line, it works.
Any ideas?
My configuration is as follows:
```
# Options
set block-policy drop
set fingerprints "/etc/pf.os"
set ruleset-optimization basic
set skip on lo0
# Interfaces
vpn_intf = "{ utun0 utun1 utun2 utun3 }"
# Ports
allowed_vpn_ports = "{ 1:65535 }"
# Table with allowed IPs
table <allowed_vpn_ips> persist file "/etc/pf.anchors/vpn.list" file "/etc/pf.anchors/custom.list"
# Block all outgoing packets
block out all
# Antispoof protection
antispoof for $vpn_intf inet
# Allow outgoing packets to specified IPs only
pass out proto icmp from any to <allowed_vpn_ips>
pass out proto {tcp udp} from any to <allowed_vpn_ips> port $allowed_vpn_ports
# Allow traffic for VPN interfaces
pass out on $vpn_intf all
```
This is the error I get.
```
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
No ALTQ support in kernel
ALTQ related functions disabled
/etc/pf.anchors/org.vpnonly.pf.rules:20: rule expands to no valid combination
pfctl: Syntax error in config file: pf rules not loaded
pfctl: load anchors
```
This is on Sierra 10.12.1.
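
A diagnostic sketch for the failing line, added here as an example and not part of the original post: `antispoof ... inet` is expanded from the addresses an interface holds when the ruleset loads, so a utun interface with no IPv4 address is one possible cause of "rule expands to no valid combination" (an assumption, since the post shows no `ifconfig` output). The function names and the sample `ifconfig` text are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the utun interfaces that carry an IPv4 address and
# build an antispoof rule restricted to them. Names are hypothetical.

# Read ifconfig-style text on stdin; print each utunN that has an "inet" line.
utun_with_inet() {
    awk '
        /^[^ \t]/ { iface = $1; sub(/:$/, "", iface); next }
        $1 == "inet" && iface ~ /^utun[0-9]+$/ && !seen[iface]++ { print iface }
    '
}

# Emit an antispoof rule for those interfaces; return 1 if none qualify,
# in which case the rule should be left out of the anchor.
antispoof_rule() {
    ifaces=$(utun_with_inet | tr '\n' ' ')
    ifaces=${ifaces% }
    [ -n "$ifaces" ] || return 1
    printf 'antispoof for { %s } inet\n' "$ifaces"
}

# Constructed sample: utun0 has only IPv6, utun1 has IPv4,
# utun2 and utun3 do not exist.
sample_ifconfig() {
cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet 127.0.0.1 netmask 0xff000000
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
    inet6 fe80::1%utun0 prefixlen 64 scopeid 0x8
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
    inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff
EOF
}

# On a real host, replace sample_ifconfig with: ifconfig
sample_ifconfig | antispoof_rule
```

Comparing the interfaces it prints against the `vpn_intf` macro shows which entries cannot produce an `inet` antispoof rule at load time; reloading the anchor after the VPN tunnel is up is another way to test the same hypothesis.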